An Insecure direct object reference vulnerability was found in Mozilla Monitor which allowed any user to delete secondary email addresses in other usersβ accounts, using the email address ID. The vulnerability was fixed by ensuring that the delete operation is properly scoped to a particular user.
Hello